/// <summary>
/// Handles the simple-query form post. Looks up the SQL registered for the posted
/// <c>report</c>, lets <c>SimpleSqlInjectMethod</c> fill a <c>MYSQLInit</c> from the posted
/// form keys, and counts the rows of the base SQL plus the generated fragment.
/// </summary>
/// <remarks>
/// The count runs through the two-argument <c>GetCount</c>, which receives the SQL text and
/// the value returned by <c>GetCurrentPara()</c> separately (presumably bound parameters;
/// MYSQLInit is not visible here).
/// NOTE(review): the text stored in Session["SqlValue"] comes from <c>GetSimpleSql(report)</c>,
/// not from the statement that was just counted. Confirm that helper does not splice raw form
/// values into the SQL it returns, otherwise the parameterised count protects only this action.
/// </remarks>
/// <returns>
/// Plain-text content: "no" when the report has no SQL or the query matches no rows,
/// "error" when building or counting throws, "ok" otherwise.
/// </returns>
public ActionResult SimpleQuery()
{
    string reportName = Request.Form["report"];
    var queryHelper = new CommondController(_db);
    string baseSql = queryHelper.GetSqlValue(reportName, isFillter: false); /*TODO: isFillter:false SimpleQuery*/

    // Nothing registered for this report name: answer "no" before touching the database.
    if (baseSql.IsEmpty())
    {
        return Content("no");
    }

    string[] postedKeys = Request.Form.AllKeys;
    var conditionBuilder = new MYSQLInit();

    try
    {
        SimpleSqlInjectMethod(conditionBuilder, baseSql, postedKeys);

        string countSql = baseSql + conditionBuilder.GetCurrentSQL();
        int matchedRows = queryHelper.GetCount(countSql, conditionBuilder.GetCurrentPara());
        if (matchedRows == 0)
        {
            return Content("no");
        }
    }
    catch (Exception failure)
    {
        // The full exception text goes to the log; the client only ever sees "error".
        BugLog.Write(failure.ToString());
        return Content("error");
    }

    Session["SqlValue"] = GetSimpleSql(reportName);
    return Content("ok");
}
/// <summary>
/// Returns one page of report data as JSON, in the shape <c>{ total, rows }</c>.
/// </summary>
/// <param name="pagelist">
/// Paging request; <c>report</c> selects the SQL and <c>sql</c> is overwritten here before
/// the object is handed to <c>LimitDataTable</c>.
/// </param>
/// <returns>
/// <c>total</c> is the row count of the report SQL and <c>rows</c> the page produced by
/// <c>GetJSON</c>; when no SQL is found for the report they are 0 and null.
/// </returns>
/// <remarks>
/// <c>JsonRequestBehavior.AllowGet</c> allows this data to be fetched with a plain GET.
/// NOTE(review): confirm the action sits behind authorization and that GET is really needed,
/// since GET responses are more readily cached and logged than POST responses.
/// NOTE(review): <c>pagelist.sql</c> is replaced with server-side SQL before use, but any other
/// PageList fields that LimitDataTable reads are not visible here - confirm they are validated
/// before being placed into SQL.
/// </remarks>
public JsonResult getJsonFromReport(PageList pagelist)
{
    CommondController queryHelper = new CommondController(_db);
    string reportSql = queryHelper.GetSqlValue(pagelist.report, isFillter: true); /*TODO:isFiller:true getJsonFromReport*/

    int rowTotal = 0;
    List<Dictionary<string, string>> pageRows = null;

    if (reportSql.IsNotEmpty())
    {
        // Overwrite whatever the request carried in `sql` with the server-side statement.
        pagelist.sql = reportSql;
        rowTotal = queryHelper.GetCount(reportSql);
        pageRows = queryHelper.GetJSON(LimitDataTable(pagelist));
    }

    var payload = new { total = rowTotal, rows = pageRows };
    return Json(payload, JsonRequestBehavior.AllowGet);
}
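/// <summary>
/// Simple-query action that builds its WHERE clause as SQL text. Each posted form field
/// becomes one condition appended to the report's SQL; the combined statement is counted and,
/// when it matches rows, stored in Session["SqlValue"].
/// </summary>
/// <remarks>
/// Security: posted values are placed inside quoted SQL literals, so this method escapes them
/// first (single quotes and backslashes are doubled). The original code inserted them
/// unescaped, which let a posted value close the literal and change the statement.
/// The escaping is a stop-gap. It assumes a server where backslash is an escape character
/// inside string literals (the MYSQLInit helper name suggests MySQL - confirm). The durable
/// fix is to bind the values as parameters, as SimpleQuery appears to do through
/// MYSQLInit/GetCurrentPara; that needs whatever later executes Session["SqlValue"] to accept
/// parameters as well.
/// Field handling: keys containing "日期1" / "日期2" are treated as the lower / upper bound of
/// a date range, "订单状态" as a multi-value IN list, everything else as a LIKE search.
/// </remarks>
/// <returns>
/// Plain-text content: "no" when the report has no SQL or the filtered query matches no rows,
/// "error" when building or counting throws, "ok" otherwise.
/// </returns>
public ActionResult SimpleQuery2()
{
    string startwhere = string.Empty;
    string report = Request.Form["report"];
    CommondController commond = new CommondController(_db);
    string sqlValue = commond.GetSqlValue(report, isFillter: false); /*TODO: isFillter:false SimpleQuery*/

    // Same guard as SimpleQuery: without base SQL there is nothing to filter or to store.
    if (sqlValue.IsEmpty())
    {
        return Content("no");
    }

    // Makes posted text safe to place between single quotes: backslashes first, then quotes,
    // so an escaped quote cannot be re-opened by a preceding backslash.
    Func<string, string> asSqlLiteralText = raw =>
        (raw ?? string.Empty).Replace("\\", "\\\\").Replace("'", "''");

    System.Text.StringBuilder sb = new System.Text.StringBuilder();
    string[] keys = Request.Form.AllKeys;
    try
    {
        #region Walk the posted form values, skipping report and 订单状态 (order status)
        foreach (string name in keys)
        {
            if ("report" == name || "订单状态" == name || "__RequestVerificationToken" == name)
            {
                continue;
            }

            string posted = Request.Form[name];

            // NOTE(review): `name` is a posted form key, so GetFieldSqlByName receives
            // client-chosen text. That helper is not visible here - confirm it only returns
            // column expressions already present in sqlValue and never echoes an unknown name.
            if (name.Contains("日期1") && posted.IsNotEmpty())
            {
                // Lower bound of a date range; the trailing "1" is dropped to get the field name.
                var value = sqlValue.GetFieldSqlByName(name.Substring(0, name.Length - 1));
                sb.AppendFormat(" and {0} > '{1}' ", value, asSqlLiteralText(posted));
                continue;
            }

            if (name.Contains("日期2") && posted.IsNotEmpty())
            {
                // Upper bound: parsed and re-formatted, so only a yyyy-MM-dd string reaches the
                // SQL. One day is added so the whole end day is included by the "<" comparison.
                DateTime endTime = DateTime.Parse(posted).AddDays(1);
                var dateStr = endTime.ToString("yyyy-MM-dd");
                var value = sqlValue.GetFieldSqlByName(name.Substring(0, name.Length - 1));
                sb.AppendFormat(" and {0} < '{1}' ", value, dateStr);
                continue;
            }

            if (posted.IsNotEmpty())
            {
                var value = sqlValue.GetFieldSqlByName(name);
                sb.AppendFormat(" and {0} like '%{1}%' ", value, asSqlLiteralText(posted));
            }
        }
        #endregion

        #region Order status (订单状态) becomes an IN (...) list
        if (Request.Form["订单状态"].IsNotEmpty()) // keys.toStringMergeChar(',').Contains("订单状态")
        {
            string[] status = Request.Form["订单状态"].toStringArray();
            var value = sqlValue.GetFieldSqlByName("订单状态");
            sb.AppendFormat(" and {0} in (", value);
            for (int i = 0; i < status.Length; i++)
            {
                sb.AppendFormat("'{0}',", asSqlLiteralText(status[i]));
            }

            // Drop the trailing comma left by the loop and close the list.
            startwhere = sb.ToString().TrimEnd(',');
            startwhere += ")";
        }

        if (startwhere.IsEmpty())
        {
            startwhere = sb.ToString();
        }

        // No filter was posted: the unmodified report SQL is the result.
        if (sb.ToString().IsEmpty())
        {
            Session["SqlValue"] = sqlValue;
            return Content("ok");
        }
        #endregion

        // Every generated condition starts with " and". When the base SQL has no WHERE yet,
        // the first " and" is cut off and replaced by " where ".
        sqlValue = sqlValue.IndexOf("where", StringComparison.OrdinalIgnoreCase) > -1
            ? sqlValue + startwhere
            : sqlValue + startwhere.Substring(startwhere.IndexOf(" and", StringComparison.OrdinalIgnoreCase) + " and".Length).Insert(0, " where ");

        int rowEf = commond.GetCount(sqlValue);
        if (0 == rowEf)
        {
            return Content("no");
        }
    }
    catch (Exception ex)
    {
        // The full exception text goes to the log; the client only ever sees "error".
        BugLog.Write(ex.ToString());
        return Content("error");
    }

    Session["SqlValue"] = sqlValue;
    return Content("ok");
}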
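/// <summary>
/// Advanced (multi-condition) query: re-runs the report query with every posted condition.
/// The form posts two parallel comma-separated lists, <c>ziduan</c> (field names) and
/// <c>leixing</c> (CLR type names); each pair is turned into a <c>FormValue</c> and the set is
/// handed to <c>SqlInjectMethod</c> to build the statement that is counted.
/// </summary>
/// <remarks>
/// Malformed posts are rejected with "error" instead of throwing: missing lists, fewer types
/// than fields, missing field values, and unparsable or out-of-range upper-bound dates. The
/// original code let these surface as unhandled exceptions.
/// NOTE(review): rejected requests are not logged here, and exceptions from the query helpers
/// are still unhandled, unlike SimpleQuery, which logs through BugLog and returns "error".
/// NOTE(review): the count uses the two-argument GetCount with MYSQLInit, but the text stored
/// in Session["SqlValue"] comes from GetSqlValue(sql, dic, title), which is the call the removed
/// "old method" comments described as SQL concatenation. Confirm that the posted values, the
/// posted operator (<c>operatorstr</c>) and the posted <c>title</c> cannot alter that
/// statement, or move the stored query to the parameterised form as well.
/// </remarks>
/// <returns>
/// Plain-text content: "error" for a malformed post, "no" when the report has no SQL or the
/// query matches no rows, "ok" otherwise.
/// </returns>
public ActionResult AdvancedQuery()
{
    // Concatenated CLR type names. A column counts as numeric when its type name occurs
    // anywhere in this string (substring match, kept exactly as in the original).
    string typeInt = "System.Int32System.Int64System.UInt64System.Int16System.IntSystem.DecimalSystem.SingleSystem.DoubleSystem.SByteSystem.Decima";
    string report = Request.Form["report"];

    string ziduanRaw = Request.Form["ziduan"];
    string leixingRaw = Request.Form["leixing"];
    if (ziduanRaw == null || leixingRaw == null)
    {
        return Content("error");
    }

    string[] ziduan = ziduanRaw.Split(new char[] { ',' });
    string[] leixing = leixingRaw.Split(new char[] { ',' });

    // Every field needs a type at the same index; surplus types are ignored as before.
    if (leixing.Length < ziduan.Length)
    {
        return Content("error");
    }

    Dictionary<string, FormValue> dic = new Dictionary<string, FormValue>();
    for (int i = 0; i < ziduan.Length; i++)
    {
        string fieldName = ziduan[i];
        string fieldType = leixing[i];
        string fieldValue = Request.Form[fieldName];
        if (fieldValue == null)
        {
            return Content("error");
        }

        FormValue fv = new FormValue { name = fieldName, DateExit = true, value = fieldValue };

        // A blank value clears DateExit for every field type.
        bool hasValue = fieldValue.Trim() != string.Empty;
        if (!hasValue)
        {
            fv.DateExit = false;
        }

        if (fieldType == "System.DateTime")
        {
            // The upper bound of a date range is posted under the field name repeated twice.
            string upperBound = Request.Form[fieldName + fieldName];
            if (upperBound == null)
            {
                return Content("error");
            }

            if (upperBound.Trim() == string.Empty)
            {
                fv.SecondData = false;
            }
            else
            {
                DateTime parsed;
                if (!DateTime.TryParse(upperBound, out parsed) || parsed > DateTime.MaxValue.AddDays(-1))
                {
                    return Content("error");
                }

                fv.SecondData = true;
                // One day is added to the posted end date before it is stored.
                fv.maxDataTime = parsed.AddDays(1).ToString();
            }
        }
        else if (hasValue && typeInt.Contains(fieldType))
        {
            // Numeric field with a value: the comparison operator is posted as well.
            // NOTE(review): the operator is client-supplied text - confirm the SQL builders
            // check it against a fixed list before it reaches a statement.
            fv.operatorstr = Request.Form[fieldName + "selectname"];
        }

        // The index suffix keeps keys unique when several fields share a type.
        dic.Add(fieldType + i.ToString(), fv);
    }

    CommondController commond = new CommondController(_db);
    string sql = commond.GetSqlValue(report, isFillter: false); /*TODO: isFillter:false AdvancedQuery*/
    if (sql.IsNotEmpty())
    {
        // The earlier implementation (commented-out code, removed) built one SQL string with
        // GetSqlValue(sql, dic, title), counted it with GetCount(sqlString) and stored it in Session.
        MYSQLInit sqlInit = new MYSQLInit();
        SqlInjectMethod(sql, dic, sqlInit);
        var listcount = commond.GetCount(sql + sqlInit.GetCurrentSQL(), sqlInit.GetCurrentPara());
        if (0 == listcount)
        {
            return Content("no");
        }

        // Save the multi-condition query text for later requests.
        Session["SqlValue"] = GetSqlValue(sql, dic, Request.Form["title"]);
        return Content("ok");
    }

    return Content("no");
}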